-rw-r--r--includes/account.php7
-rw-r--r--includes/general.php3
2 files changed, 10 insertions, 0 deletions
diff --git a/includes/account.php b/includes/account.php
index b1ab984..5d45602 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -535,6 +535,13 @@ function buildSubjectFromSession() {
exit;
}
+ if(!isValidWildcard($_REQUEST['newdomain']) || strstr($_REQUEST['newdomain'],"*") !== false) {
+ showheader(_("My CAcert.org Account!"));
+ echo _("Your domain is not valid.");
+ showfooter();
+ exit;
+ }
+
list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
while($newdomain['0'] == '-')
$newdomain = substr($newdomain, 1);
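Review bot: The new check validates the raw `$_REQUEST['newdomain']`, but the value actually used is `$newdomain`, which is only derived afterwards by the `explode` and the leading-dash stripping below, so the string that was validated is not guaranteed to be the string that is kept. Running the check after that normalization, as `if(!isValidWildcard($newdomain) || strpos($newdomain, "*") !== false) {`, validates exactly what is used later. The request parameter can also be absent or an array (`newdomain[]=...`), which `strstr` does not accept, so an `is_string()` guard ahead of the check is worth adding. `isValidWildcard` is not visible in this hunk and the enclosing block starts and ends outside it, so both points should be confirmed against the full file.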
diff --git a/includes/general.php b/includes/general.php
index f84ae5b..cd6d910 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -273,6 +273,9 @@
if(!preg_match('/^(\\.(?!-)[a-z0-9_-]*[a-z0-9])+$/i','.'.$name)){
return false;
}
+ if(preg_match('/^(\\.[0-9]*)+$/i','.'.$name)){
+ return false;
+ }
return strpos($name, "*") === false;
}
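Review bot: The added `preg_match('/^(\\.[0-9]*)+$/i', ...)` test has no comment saying what it rejects; a line such as `// reject names made only of digits and dots (e.g. dotted-quad IP addresses)` would make the intent clear to the next reader. As written it fires only when every label is numeric, so a name whose final label alone is numeric (for example `example.123`, a constructed sample) still passes; if the goal is to keep IP-like values out of the domain field, testing only the last label may be closer to it. The `i` modifier has no effect on a digits-only character class and can be dropped. The function's signature is outside the hunk, so its name and callers could not be checked.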